Password Attacks Lab - Hard

BenKen · September 27, 2022, 7:32am

i’m really stacked here, tried to crack Johanna password through rpd… but always The connection failed to establish problem
Please any help

PayloadBunny · September 27, 2022, 12:54pm

Have you tried to establish an RDP connection with Remmina?

BenKen · September 27, 2022, 12:56pm

Not yet… i’m brute-forcing for Johnanna… but not getting anything

subrealz · October 16, 2022, 11:05am

hey guys,
Just wanted to put on a few notes there.
First, for SMB download / upload there is a possibility of using : recurse and mget / mput.
Makes it easier for those tasks.
Second I wanted to ask if someone can share how to mount bitlocker files in linux.
Having no windows myself I had to use my friends’
I made a few research but couldnt find a decent answer. Dislocker seems to be an option but lacking a good documentation.
Thx

BenKen · October 16, 2022, 4:55pm

I think this will help you…
but for me i had to transfer the file into my windows VM then unlocked it and re-transfer the files in the disk back to my Linux system

truthreaper · October 20, 2022, 1:20am

Stuck on the hard lab now too if anyone out there has any tips or clues. Ive been bruteforcing Johanna using hydra rdp. Its been giving me different passwords for Johanna. Non of them seem to work. Guess theres false postives from hydra rdp module?

PayloadBunny · October 20, 2022, 1:50am

You can use crackmapexec instead of hydra.

truthreaper · October 20, 2022, 2:11am

ok ill switch tools up and try that

lxuxer · October 31, 2022, 10:32pm

stuck in the lab I managed to open keepass and get D.'s password but it won’t let me rdp or evil-winrm. I miss something?

truthreaper · November 1, 2022, 2:53am

Try enumerating smb with D.'s creds with a tool like smbclient. Theyll be a bitlocker back up file that youll need to extract hashes from and crack to get to the next stage of the lab.

UDrinkincoffee · November 1, 2022, 5:31pm

this is a good link for the backup file

cheekychimp · November 7, 2022, 3:18am

Hey @UDrinkincoffee - thanks so much for your help on the last one… how did you extract the H**** from the S** file!!! really stuck again any assistance would be amazing. I Don’t think they’ve showed us how to do it in HTB

cheekychimp · November 7, 2022, 1:04pm

Ah nevermind i’ve got it now. I can’t wait for this module to be over!

UDrinkincoffee · November 7, 2022, 2:05pm

LOLz I feel ya dude. I felt the same way. Good stuff though.

BenKen · November 11, 2022, 7:47pm

@cheekychimp let’s keep the fire burning

meerrk4t · December 13, 2022, 6:01pm

hey any hint on how to get the file over to the attack box? tried with smbserver but is not allowed… and i cannot login over as the other user with evil-winrm

truthreaper · December 15, 2022, 2:18am

I think the lab box is internet connected upload the file to the internet somewhere then download to your attack box for cracking. A good service to do this is www.ufile.io

PSySpin · December 20, 2022, 9:24am

try using a python upload server, this help me on this part of the lab

ssh25621 · February 16, 2023, 11:14am

what can I do after finding johanna’s password? i screw up, dont know what to do, there is a file .kdbx i literally cannot crack it, fvck im tired

ssh25621 · February 16, 2023, 11:20am

I dont know what to do after finding johanna’s password, that is insane, i tried pretty much everything, i found .kdbx file but have no clue how to crack it